Verifying email signature
In an attempt to learn more about the workings of gpg, I've been trying
to verify emails from the command line.
These signatures are not signed, but mutt reports a good signature, but,
of course, warning that they are not signed..
When I try to verify a saved message - one which has been reported as
"good" from Mutt, gpg returns a "BAD" signature.
I've tried saving the orig. msg attachment part as, say "body", and the
sig attachment as "body.asc".. In fact, I've even been able to cat the two
temp files to a screen, cut-and-paste these outputs to files, then cut
the command from a ps listing (with filename edited) and still no go..
I can cleartext sign a file with my own key, and it comes back as "Good".
In fact, another oddity to me -- The email message has to have the
signature in a separate file or gpg tries to open another file, coming
back with a filename not found error, and no signature found. But on
my own signed file, it works with only the signed file.. and the filename
different from the original. The signature that I generate
looks identical to that at the end of an email, the length of the
strings of characters is of identical length on both lines (different
characters, of course), so it would appear that my sigs are of the same
type as the emails..
Maybe this is not all that important, but it might prove helpful to be
able to do this, and it seems as if it _should_ work.
Reply to: